[原文]slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message.
Updates have been released that resolve these issues. These updates are reportedly available to registered customers through the vendor's support portal. Please see the referenced support page for more information.
SalesLogix contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an invalid filename is passed to the component responsible for downloading files from the server to the user, and leads to disclosure of full library and attachment paths resulting in a loss of confidentiality.
Currently, there are no known workarounds or upgrades to correct this issue. However, SalesLogix has released a patch to address this vulnerability.